SAN DIEGO (08/01/2000) - IT executives who are counting on directories to help them manage their e-commerce relationships are facing significant hurdles in the areas of standards support, security and scalability.
IT executives gathered last week at the annual Catalyst Conference put on by consulting firm The Burton Group Corp. to share their concerns. They focused on how to integrate directories internally and with partners' corporate systems to help manage e-commerce and online groups of suppliers and partners, a concept The Burton Group refers to as a virtual enterprise network.
Most experts think business drivers will force such directory integration on the enterprise in two to three years, but IT executives are not happy about the technologies to support it.
"We will [set up virtual enterprise networks], but not the way we want to," says Harold Albrecht, chairman of the Network Applications Consortium (NAC), a corporate user group. "We won't be able to do it with one infrastructure."
That is because integrating corporate directories with the outside world involves many thorny issues, especially a lack of solid standards. Without standards, companies say they must piece together disparate systems themselves, creating additional work and inflating costs.
"The Emerald City [virtual enterprise network] is in clear focus, but we are not one step closer this year," says Keith Hazelton, IT architect at the University of Wisconsin.
IT executives are growing tired of hearing about XML as the Holy Grail of interoperability while XML's potential problems are ignored. They also are frustrated with Lightweight Directory Access Protocol (LDAP) because development has slowed, and key pieces are missing.
"The NAC's purpose is to influence the vendors on standards development and we have been frustrated," says Hazelton, a NAC member.
Critics say vendors preach standards support but continue to extend standards in proprietary ways.
"If we could solve the issues around standards and the extensions to standards, we could solve our interoperability problems. The barrier is the people selling us the software," says Fred Wettling, infrastructure architect for Bechtel, a global engineering and construction company in San Francisco. "The industry lacks convergence on standard schemas, and that causes issues in interoperability and forces us to live with the pariah of metadirectory translations for every product we install."
Some users feel they must develop standards themselves and hope that vendors, now entrenched in standards bodies, use their power to drive standards to completion.
"If you want something standardized, universities should write it, give it away and hope a vendor steals it and makes it a common standard," says Tom Jordan, network specialist at the University of Wisconsin, referring to the way LDAP soared in the mid-1990s.
But Jordan says even LDAP has since lost momentum and is missing key pieces such as mechanisms for access control. "While we can move data in a standard way, we don't have any way to move access controls," he says.
There is hope XML will build on LDAP and offer relief, but IT executives say the sheer volume of XML frameworks and schemas makes them nervous, and experts say the potential for fragmentation is high.
"It's like going back to the old X.400 days where everyone was implementing the specification differently, and nothing worked together," says Jim McDermott, a board member for the NAC. "I don't want to go through that again."
Security and scalability
Security is another issue, especially when enterprises use directories to open internal systems to external users. The glacial pace of improvements in public-key infrastructure and other security mechanisms is also frustrating.
"Our security issues center on control. How do we know who our users are?" asks Frank Fujihara, project manager for utility company Commonwealth Edison in Chicago, which has built an internal employee self-service application based on the directory. "Our concern is that once we give outside users authority, who else might they pass it to? How do we control that, and how difficult is that to implement?"
Another concern is scalability. With directories handling the comings and goings of potentially tens of thousands of users, scalability needs to grow exponentially.
"You don't want to put the directory on a small box and then have to replace it down the road," says Ed Dembek, senior analyst at ComEd, and Fujihara's colleague. "Upfront we said the directory runs on Unix or the mainframe for reliability and scalability." The company runs the Siemens AG DirX directory on Unix.